A taxonomy of self-modifying code for obfuscation

Self-modifying code is frequently used as an additional layer of complexity when obfuscating code. Although it does not provide a provable level of obfuscation, it is generally assumed to make attacks more expensive. This paper attempts to quantify the cost of attacking self-modified code by defining a taxonomy for it and systematically categorising an adversary’s capabilities. A number of published methods and techniques for self-modifying code are then classified according to both the taxonomy and the model.